Overall, upgrade of most of my/our machines went smoothly. It's during
those operations that I re-appreciate the value of
our fedora.us policies and the ease of
rebuilding that mach brings me.

FC2's kernel has a very sparsely documented feature that seems to be called
vdso or linux-gate. Run ldd /bin/bash on an FC2 machine and you'll see
it being linked to a "library" called linux-gate.so.1 which isn't a real
library, but something the kernel dynamically creates. Took me quite some
time to pinpoint this mechanism as the problem for mach to set up chroot's
for pre-FC2test3 on post-FC2test3 systems.

Now on to figuring out a way to build kernel modules properly on 2.6.

Here's the thing. In 2.4, you could build out-of-tree kernel modules just
by using the kernel source that was preconfigured. Using this, you could
make modules for any Red Hat kernel. That means, also for smp, or for i586,
and so on.

With 2.6, you need a bunch of generated files specific to your arch/type
combination, which is now stored in /lib/modules/(uname -r)/build

So, if you want to build all modules for a given kernel release in one go,
you can't. Since the i586 and i686 kernel rpms aren't parallel installable,
for example, you need two runs. What's more, apt-get will look at
/etc/rpm/platform through rpm to figure out the correct arch to install, and
there's no real way I can make apt forcefully install the i586 one on an
i686 machine.

So, one solution would be to download the kernel rpms, rpm2cpio them, and
extract all the files, and repackage them. Doable. But that would create
some huge .src.rpms and some huge end result .rpms.

So I ran a diff on the four directories. It turns out that not that many files
are different. So here's what I'm going to do:

Write a script to unpack all the kernel rpms for a given release

run a python script on it that tells me which files are the same in all
fours, and which files are different in any of them

make a deeply symlinked forest of all common stuff, and copy the different
stuff

package this forest as a kernel-modules-devel rpm.

The %post script would then need to figure out if you have a normal or smp
kernel installed for the same kernel version/release, so it can set up a
symlink from the original /lib/modules/(uname -r) to the common one the
symlink forest links from.

A big hack, but a smart one. It took half a day to think about the
algorithm. After having written it down, it took another half a day to
write the python code until it worked. Running involves a lot of waiting
due to the rpm unpacking and list scanning.

Then I went on to actually use these packages. Looking at the stuff in
autostars, I was trying
to come up with a decent way of integrating 2.6's kbuild system with
our autotooled setup.

Since obj-m vars are refused by automake, however, the best I could come up
with was a hack that would generate a Makefile.26 for the new system which
would be invoked from automake. That would have been kludgey at best.

But Dave to the rescue:
he had looked at the same problem lately and had updated but not commited
the macros to work with 2.6. Apparently he wrote a small modtool script
in analogy with libtool, creating .ko files and necessities in a .mods dir.
I was left with just fixing the small issues to make it work on Fedora Core 2,
and (as I later found out) merge back all my previously commited fixes which
he threw away :)

So, our as-linux stuff, combined with the kernel rpm I made for the symlink
forest, managed to build the sample kernel modules fine. Next step - real
modules.

The trickiest one to get right was the combination of hostap and ipw2100.
The ipw2100 modules need the hostap ones, and build against headers from hostap
and needs symbols from hostap. With a few enhancements to as-linux, this
worked out fine too. And now I need testers. If you have FC2 and
an ipw2100 network card, try
these packages. You need hostap and ipw2100.
Don't forget to get/update the firmware file in /etc/firmware, you need
version 1.1 of the file.

I also tried rebuilding the qc-usb kernel module, but while it loads fine
and detects the camera, it doesn't really work. I tried a regular build
from the source project too, though, and it had the same results, so it's
probably not my fault.

If you have a kernel project that you'd like to see packaged, let me
know and if it's something I can test, I'll give it a shot.

advogato

I was scared advogato was down for good and had taken my diary entries with
me. Over the years I've written quite a few entries and I was hoping to
somehow get them back so I can store them for when I go to the old men's home.

When it got back up I wrote a simple script using the xml-rpc python interface.
Python is soooo nice for simple stuff like this. If you want to backup your
entries, get
the script and run it with your username as argument. It will create
a directory with that name in your current dir and download each of the entries
to a separate .html file.

I've thought about setting up a planet aggregator and wordrpess on our
apestaart server to get my friends to blog a little about their life in
Belgium. Blogging is a nice unintrusive way of letting others know what you're
up to, and reading them is a nice way of knowing how they're doing.

Uraeus

If he was talking about me as well, then he's giving me too much credit.
All I'm trying to do is to make sure we can do streaming, and try and tackle
the general "Multimedia, Codecs, Patents, Licenses and Distributions"
problem. But we're making progress. Interested in what the FSF has to answer
to our questions.

Flocks

I was getting the feeling my favourite cat herder was turning into a prison
warden, but he sort of put my mind to rest.

It's pretty simple. A bunch of their engineers go out to see a movie.
Threeofthem
blog about it.

And not a single one of them manages to mention the utterly delectable
Kate Beckinsale.

These guys are just impossible to distract from whatever their goal was.
And that's why, kids, Red Hat/Fedora will always be a top notch distro.

Movies

Whilst on the subject... Went to see Intermission because we were too late
for Big Fish. Quite ok. Saw Bully over the weekend. Alrightish, but man,
are those kids stupid in the movie. Based on a true story, but I hope
they were slightly brighter in real life.

Saw "Varsity Blues" yesterday. I can honestly say it was the
best movie I've seen all yesterday.

gnome-media

So Ronald and I took over maintainership from Ted. I've started by applying
all the patches that were still applicable to the 2.6 branch, then tried to
branch, but failed because Ted apparently had already branched for 2.6.

Updated my local GNOME Maintainer's Guide with all the steps I'm taking while
I go along.

After sorting out the branch mess, I started to work on some of the bugs
in 2.7.

I wrote a command-line CDDB client for the CDDB slave so I could reproduce
some of the bugs more easily, which caused some segfaults when run together
with gnome-cd. It was like an itch you're trying to scratch that keeps
running away from your nails - I spent quite some time figuring out exactly
what was going wrong. The setup is quite complicated, with clients requesting
a slave client, which is instantiated through CORBA, which causes the CDDB
slave component to create a slave object to handle the requests, and then
signal the slave clients.

One of the problems was that each slave client got notified of every lookup
from every slave client, so my command-line client forced gnome-cd to believe
the disc had changed :)

Anyways, after restructuring the code, adding comments and hacking notes,
and adding some code to set the CDDB server to protocol level 6 so it
gets UTF-8 responses, things are starting to come along quite nicely.

I also added error checking to the CFLAGS, and then spent some time fixing all the warnings/errors that generated. Seriously, everyone who is against -Wall -Werror is probably just writing sloppy code. That doesn't mean I write good code; but I know I write better code with -Wall -Werror, and I know ANYONE writes better code with it.

It's actually quite nice to work on someone else's code as a new maintainer; 90% of the work is already done, and you can refactor code more easily since you have a reference version that works.

So you just start learning the code by tackling some of the
simpler bugs, adding comments to functions as you go, and taking notes on how you work, until you've seen and changed the whole code.

Fluendo

The basic setup to replace camserv works fine. Monkeys are being spanked
at an alarming rate. I hope we get our server soon so we can make a
continuous stream available to the outside world.

Did a lot and very little at the same time. Went out with collagues,
helped a friend of mine move (I hate moving, and having to move boxes
to the center of a city like Barcelona is even worse), went out blading,
had my niece over for a few hours, played some SSX3, went to have dinner
with two friends at their place (with the best salad I've eaten since
moving here).

Got a nice mail from someone about the ipw2100 modules I made. Need to
update them to 2.6 kernels, I think I have the mechanism worked out now.

Week

Wim started today, yay. I'm stuck on trying to figure out a way to help
negotiation wrt. fixation a little.

Join Ross

"Grab the nearest book, open it to page 23, find the 5th sentence,
post the text of the sentence in your journal along with these instructions."
Suggestion 2: Pay attention to your problems.

I had to cheat though, the first book only had three sentences on that page.

Life

Last week I managed to embarass myself again for a change. I'd been looking
for a tango place when I moved here. The first one we went to last month was
closed for renovation. I had found some posters around our place with
"Tango" on it in a nice big font, and a stylised dancing couple. It claimed
the place had three evenings with orchestra. So last weekend we went there,
got in, paid 10 euros each, and entered the big room.

Looked like a nice
enough dance hall, but everyone in there was at least 50. While it's not
uncommon to have older people on Tango evenings, there was no one our age
at all. Also, the music wasn't tango music, but Spanish popular music.
After some walking around and thinking, I realised that the place
itself was called "Tango". Sigh.

At least I know where to send my parents to next time they're in town.

Working is becoming more and more fun. Working on streaming and seeing it
evolve is rewarding. I must say I'm quite impressed how decent the 0.8
GStreamer core has become; most of my time is spent looking at fixing plug-in
issues.

David did a great job on the caps rewrite; he put in stuff he wasn't sure of yet how to use (like, all of the fixating hooks), but as I learn how it works in actual use day by day it seems to get easier to fix bugs on it, and I get the feeling he had the right hunch. I'm not sure he's yet able to express exactly how the hooks are supposed to be used :) but his gut instinct seemed to point in the right place, and now it's up to fixing plugins.

Benjamin has been plugging memleaks all over, which is great. I should really build a custom valgrind that works with GStreamer, my system one has GStreamer running into some hardcoded limits.

Ronald meanwhile is beating the crap out of any media file we're currently not playing. The number is shrinking rapidly. One of these days someone is going to add mp4v/mp4a support to qtdemux, which I need for some other project.

All in all, it's moving at a pretty quick speed.

This week, I dove into the v4lsrc element, which didn't work with the qc-usb
drivers because those drivers use an internal buffer of only one frame, and
Ronald coded the v4lsrc element to work in streaming mode, which requires
at least 2. After some fiddling and reading, I learnt that this specific
driver has a hack which enables streaming mode by exposing two buffers,
with both buffers being the same physical ones in the driver.

That didn't get it to work yet either. But this was due to some code in v4lsrc
that only used the buffer's pointer to check which buffer to requeue in the
driver, and since the driver is handing the EXACT same pointer this didn't
work. So, attach the frame number as private data to the buffer, and use this
to requeue the proper frame, and v4lsrc was fixed.

Next in line was rewriting TCP elements. As I've blogged before, this entailed
modelling four elements (two servers and two clients) on the fdsrc/fdsink
elements. At first I was just sending over raw buffer data. That, combined
with an element that is able to figure out correct buffer size for raw video
frames (since you can calculate this based on the output format), allowed us
to stream raw video.

This breaks of course when you want to stream encoded video. There's no
way to transfer the buffer size properly, so the second pipeline cannot
chop up the incoming data to one buffer per frame.

So, on to writing a simple protocol to transfer GstBuffer, GstCaps and
GstEvent over the TCP link. It's a bit messy at the moment, but I got it
to work today. I did spend three hours over a random bug that in the
end was caused by my own stupid code that freed a caps structure right
before returning it :/ (In my defense, I haven't had a decent night of sleep
all week).

I used to only work on audio, and am slowly picking up on video-related issues.
The fun thing about hacking video is that the experiments and bugs are very
rewarding.
For example, as soon as we got JPEG streaming to work, we dropped down the
quality level to 0, which looks like this.
(It's a lot cooler if you see it move :))

It's fun to invent a protocol, as simple as it is, and write the code to handle
it, all in some vacuum where you don't have to care too much yet about
other opinions. It's a small simple unit with a simple design that I can
easily put together, and I like doing stuff like that. I had the worst
headache yesterday when I decided to do this, and having fun with it all day
made my headache seem to go away.

Sleep

So, yesterday I woke up at 6 with a splitting headache, took something, went
back to sleep, woke up againt at 7.30, huge headache, took something, back
to sleep, woke up at 9, still a huge headache. It lasted all through the day.

At night, early to bed, but no chance of getting any sleep. Got up at 1 again
and started to look at doing a decent addressbook OpenLDAP setup, and this
time documenting it properly with my new docbook-xml-template. Was happy
to figure out how to make computer output look like a computer screen, and
simple stuff like that. Hope to finish this simple HOWTO as soon as I figure
out some of the more intricate details. But this time I want the stupid
addressbook setup to Just Work.

I also tried out conglomerate quickly. I'm not sure it works well yet, but it looks sweet for sure, and it seems pretty responsive. I should check up on if I can use it do to real work yet.

New employee

arrived today, yay ! Johan and I are excited to have someone extra in our
huge office. We're only taking up a quarter of the space right now. Granted,
we don't have our definitive furniture yet, and we're still missing the
pool table, pingpong table, couch, plasma TV, sauna, shower, and minibar.
But still ...

A disheveled young man knocked on my door last Wednesday claiming he was
a friend of 'the GNOME release manager' and if I could put him up for a
few nights, together with his girlfriend. He was tired from a long
trip from Australia to Europe and all through Europe. So I took pity on
him and took him in.

In the evening my home server started beeping loudly again, and he immediately
came to the rescue. First he helped me get lm_sensors running on the machine,
then we used gkrellm to check on the temperature. His hunch was correct;
at 60 degrees C it started beeping. He started to fan the open computer
with a book and made it drop to 50 in a minute, which stopped the beeping.

So that explained why it was crashing. Now to see what caused the CPU to
go crazy. Which was pretty much my own dumb fault - I was running Xvnc
on the machine for some applications, and the screensavers take it to 100%
after a few minutes.

So taking in a complete stranger already paid off on the first day.
Of course, the second day he took over the PlayStation and Entered the Matrix.
I hope he gets out of Tunnel A7 by the time his plane to Australia leaves.

It was nice meeting thaytan and Jaime, hope they have a good flight home.

Fluendo

Nice to see us getting a warm reception. It's also nice to be able to
code a little again. I checked GStreamer's tcp elements and found they
were done differently than I would expect. The server was done in the source
element, and the client as a sink. This means that you need to start
the consuming pipeline first, and the producing pipeline after that.
Also, the server was set up to be able to handle multiple connections, but
to me it makes little sense to have the start of a pipeline take data
from multiple elements.

The code was outdated too, so I made a bunch of new elements, where source and
sink are implemented as both client and server. Then we tested them by
streaming videotestsrc. Now I need to figure out how to add them to the
testsuite properly.

I made all the elements blocking, since our filesrc and filesink are blocking
too. But this might not be what we want.

gnome-media

So, Ted passed on maintainership to Ronald and me. I commited a few of the
easier patches for a 2.6.1 release in time for the 2.6.1 GNOME release.
Now we need to go through the rest and pick out the ones we can apply before
branching for 2.7

Had quite a productive weekend. First of all, I got off my ass and
tried out the Intel Pro Wireless 2100 drivers on my laptop. I had bought
driverloader, which worked quite well, but I'm getting tired of having
to download stuff each time I upgrade my kernel, and of course I actually
forget to download the RPM before upgrading in the first place.

Of course this gave me a good change to test my kernel module packaging
strategy again. Fifteen minutes of work gave me a loadable ipw2100 module
(without WEP, at first), just by running ./configure and make. Five more
minutes gave me a set of packages for it.

Then, I enabled WEP and rebuilt the hostap packages from the QA submission
queue at www.fedora.us. I had a problem with the function call being used
from hostap not being versioned. After some thinking, I figured out that
this was because the hostap package didn't include a hostap.ver file that
actually does the symbol redefining. So I changed the hostap package to
include that, rebuilt it for four archs and four kernels, and then rebuilt
the ipw2100 packages for the same. And lo and behold, the packages worked.
So if you have Fedora Core 1 and an ipw2100 card, *please* test
these packages together with
these..

Don't forget to download the firmware as per the instructions on
the ipw2100 project site,
and install it in /etc/firmware.

Next step is to update my kernel module stuff to 2.6, but I'm not looking
forward to that. AFAICT from discussing with people it seems there is no
decent way of building kernel modules against a read-only kernel-source tree.
Moreover, Arjan seems to say that to build kernel modules for a kernel/arch
combo, you need that exact kernel package installed as well. That will
probably make it harder to do mass builds of kernel modules as well.
Sigh :)

DocBook

I've been wanting to write a usable DocBook template tarball for quite some
time. There are a couple of "guides" I'd like to do and every time I work
on projects that use DocBook there is always something tripping me up.
Between xmlto breaking in TeX processing for PS and PDF, or the docbook2 tools
insisting on downloading SYSTEM identifier stuff from the net, there just
is no foolproof way of building this stuff.

So, after a day of trying to write somewhat clean make rules and .m4's,
I have a
template tarball project that builds documentation, passes make distcheck,
and easy to use in other projects. Yay me.

Fluendo

So, it's official: Fluendo is launched !
In a nutshell, we're going to write a free software streaming media server,
on top of GStreamer, making it possible to do completely free software-based
video streaming, using royalty-free codecs.

We decided some time ago to fund Xiph.org, since to reach our goal
we actually *need* a decent royalty-free video codec. Theora is very close
to what we need at this point; as soon as the bitstream specification is
fixed, all videos created with that version of Theora will be playable by
future versions of the library. This will hopefully have the same effect
as the Vorbis Beta 1 release had for audio.

And even if it doesn't, it still enables us to provide this server working
completely, for free, and hopefully, allow distributors of Linux to
pick it up, distribute it, as well as the GStreamer stack with playback
and recording applications. I can understand it doesn't make sense to do
so if you can't distribute video codecs as well, so once Theora is ready
to be distributed, I hope this changes the field a little.

Anyway, I'm pretty psyched we can announce all of this. There's always a
fear of turning over to the dark side without realizing, but being able
to start a company with these goals is exciting, and I hope we do well.
We're moving in our new office this week, and our new collague is arriving
next week.

The nice thing was being able to use my docbook-xml-template to generate
the press release easily :) So the next one we do will just be a matter
of filling in the content and running make.

Names

Ross is not the first one to link Fluendo to influenza. I really like the name,
it took us long enough to come up with something that we liked, still had
a domain name available, and not too much GoogleJuice. I'm wondering though
if non-hypochondriac people make the same link between Fluendo and influenza ?

Also, Ross ran away with a "might happen" newsbit and posted it, probably
to put some pressure on us to deliver :) All I can say is that we'd like to,
but aren't sure yet if all the pieces will be in place.

Muine

Read Jorn's latest entry. Good to see Muine progressing. Only, Jorn is switching backends (again). I have a lot of respect for Jorn, and he's a talented coder, but I really have to wonder *how hard it can be to do some bug reporting*. The number of times jorn was in our channel, multiplied by the number of bug reports by him, multiplied by the number of mails to our mailing list, are easily countable on the fingers of my two hands.

People seem to think stuff should just fall out of the sky. Sometimes it does, but when it doesn't, it doesn't hurt to poke the clouds a little so they drop some more stuff you want :) How's about some simple feedback about the framework you're coding against ?

Over here Good Friday is a holiday too. Great ! Kristien's birthday, so
spent all day together. Hope she's happy with the very lowcost present
she got, to compensate with the high-cost one from our anniversary that she
didn't seem pleased with (the present, not the anniversary.)

In the evening we went out to an absolutely wonderful Thai restaurant. Been
quite a while since I had such good food.

Over the course of a few days I've seen a whole bunch of movies:
Ghost World (Scarlett, yum), 21 Grams (scary, but good),
True Romance (again, I love this movie), Liar Liar (I haven't seen a lot
of Jim Carrey films, which means I don't get annoyed, so I liked this one),
and Highlander (which is still one of my favourites, even if only for
sentimental reasons), and 8 Mile. I must avoid catching hadessitis.
And tonight we watched Sixteen Candles, which was ok-ish if only for
seeing a really young John Cusack :)

For counterbalance Kristien also made me watch about 10 more episodes of
Friends. Well, it was her birthday, she got to choose this weekend.

Had a great barbecue on Sunday too for Easter. Invited some friends over,
experimented with roasting peppers to great success, and had a great day
out on the terrace. I love the weather here, even though it's been flaky
of late.

Dave/Dina

Finally ended up packaging all the bits and pieces for Dave/Dina to make
TV/out work again with the new Matrox. That meant rebuilding kernel packages
with appropriate patches and options, DirectFB from CVS, and some other
stuff.

Played a little with an interesting application from someone that basically
rendered a user interface as a filter to MPlayer. It's a big hack, and I'm
not sure it's the direction I want to go in eventually, but it does work
very well when you don't know how it works. Left me thinking about a lot of
things. It's not ideal however because it won't be easy to get output from
other applications (say, MAME) into that.

It does make me realize though that it really isn't that easy to get nicely
output interlaced video on a TV from a bunch of applications.

GStreamer

Walters asked for new releases in time for Fedora Core 2 Test 3, so I went
ahead. Releasing was so much less painful than before. I could easily
tweak the spec files to rebuild packages to test, and everything worked out
fine. So 0.8.1 of both core and plugins are out the door.

Streaming

Experimented a little with camserv, which gave me some trouble making
packages, but after a few patches it agreed to be put in an rpm. I
didn't like what I saw from the code though. Now to start thinking how to
split up GStreamer pipelines to implement the same thing.

Fluendo

New office is almost ready. I get thrilled even only from seeing our name
in sticky letters by the door :) We'll probably move in sometime next week.

Music

I went looking for two bands I have heard stuff off but haven't found CD's
for here yet. I came up with their latest albums. The first band is Mew,
a Danish band. Their music is sort of like My Bloody Valentine in sound,
but more poppy, and with Sigur Ros-like singing, but in English instead of
made-up-language. I saw them live once and really liked them, but never
found a CD in a store. I must say it's a really good album (with a good
Stina Nordenstam duet on it too) and I'll probably order it.
The other one was by the Walkmen, which for lack of inspiration I'll describe
as a mix of Interpol and the Strokes :)

We had sort of crappy weather with lots of rain over the last week.
More rain than in the three months before last week combined.
But this weekend has been absolutely wonderful. We went out skating
with a smaller group today and it was incredibly nice. A bit of sea wind,
lots of sun, and pure fun. We passed by a square were they were setting
up huge cranes for some construction work, and I noticed a van with a cable
tied to a traffic light, with the traffic light being bent.

After some cluedo'ing we concluded that the van had reversed on purpose
to pull down the traffic light in an angle so the big crane could take the
place of the traffic light. I wish I could've taken a picture :)
That's Spain for you - if the traffic light's in the way, you just bend it.

Dave/Dina

Finally made some time to finish up some new packaging. I finally figured
out the right kernel magic plus DirectFB magic to make applications share
the framebuffer, and have video playback be smooth again, and return to
XDirectFB after exiting. It involves cvs of the linux-fusion module
and DirectFB in itself at the moment, but it seems to work. Just rebuilding
the whole stack of RPM's from the kernel to XDirectFB on just takes a lot
of time though. On the plus side, the latest set of improvements to mach
just help a huge bunch. Nice to see your software coming together.

Tracking Heisenbugs this week. The first one was that after my return from
holidays, GstPlay wasn't able to play back anything anymore. I didn't really
look into it much until I really got annoyed and decided to read some logs.

The first problem was missing return value checking in the libraries, giving
the Totem user no clue on what is going wrong. I added some error handling
for these cases. On bugs like these it's best to work from the outside in,
and first fix the bugs at the top of the stack. If you fix the underlying
bugs, you forget about the toplevel bug that "the user doesn't know something
is wrong".

The actual problem seemed to be osssink failing to negotiate, and after
some digging I realized some code was added while I was away to autoprobe
the allowed sample rates. The log seemed to indicate that it wasn't able
to play back any sample rate, and from that point on everything failed.

I added some error signaling code for this condition. Only after testing
again it suddenly worked. This was even more surprising. I wasn't able
to reproduce it since, but I'm sure if anyone encounters it they'll at least
get a nice error dialog. So now it's a matter of waiting until it pops up
again for me.

Does serve as a reminder though that we really need to take more care in
the stuff we commit after 0.8.0 - it is impossible to predict how other
people's hardware will react to changes we make if they're less than trivial.

The second Heisenbug is one where playing our Matrix test clip and seeking
a lot of times can trigger an error where it fails to negotiate. Dolphy and
I thought it was a race, but it turns out it really isn't. It's another bug
that gets exposed sometimes because of a race. Basically our plugin is
somehow failing to cope with a resynchronisation after a seek. It looks like
the mad library handles the resync correctly, but we probably mess up
emptying the internal buffer somewhere. As a result, each seek, even in
audio files, triggers a whole bunch of resynchronisation in a row as it's
misreading header information and changing the sample rate quickly. Only
in some random cases this fails and throws an error.

Mad documentation is very sparse and our plugin isn't exactly crystal clear
either, so I'm spending some time reading the code and adding comments to
figure out what exactly could be wrong. It doesn't help that I'm constantly
distracted by other things to do as well.

One of those is thinking of the whole media playback/licensing issue.
We're starting to see some solutions to that problem but they will all take
time.

GNOME 2.6

I really want to use GNOME 2.6 as soon as possible, there are some enhancements
that I'd like to use and there is code I want to test and fix. Over the last
years I've changed and tweaked my cvs setup a little, and this time I made
the last change I wanted to make. Instead of having the cvs checkouts and
install locations under my user account, I decided to move it to /home/gnome
and create a second test user. There are some things that really don't like
having the same process from different locations for the same user at the
same time running, so for those things it's better to run your cvs session
as a different user.

So basically, I have jhbuild check out to /home/gnome/head/cvs and install to
/home/gnome/head/prefix. I'll also be having a 2.6 jhbuild branch,
in the same location, but with head changed to 2.6. Maybe I should write
a short article on how I organize stuff and why, because a lot of people
seem to run in various problems using cvs build tools and the resulting
build.

Then I wanted to actually use it without interrupting with my regular X
sessions, so I tried to use gdmflexiserver -n again, but it just crashes
mysteriously on my Fedora box, bringing down the current X. After some
searching and poking, it seems that this is a known bug (127780), and I
pulled the fix from CVS and
rebuilt the FC1 rpm - if you're experiencing
the same problem, get this RPM and try it out.

So now my fake user is happily running GNOME head again, and I can finally
fix some nautilus-media bugs again. And I get to recover about 5 GB of
accumulated crap from my main user's gnome directories, including some
stray patches I was going to still submit.

ssh key authentication

Some people gave me some tips. Apparently keychain is a daemon which
allows you to authenticate only once per bootup, not once per session.
Also, You don't really need the two files I created on Fedora Core; your
X session is already run inside ssh-agent by default, and you can just
add ssh-add to gnome-session-properties and you get a nicer, nonblocking
dialog for your passphrase. Even better ! Thanks.

Life

Saw a poster this week for a great music festival at the end of May in the middle of Barcelona ! Beside Wilco, PJ Harvey and Elbow, the Pixies are playing ! I'll get to see them before all of my undoubtly jealous Belgian friends :) Too bad I have to be in Belgium the first day of the festival for my dad's thesis/graduation/professor thing, but as long as I can see the Pixies, I'll be fine.

Spun a new tarball yesterday because a translation got added. This also
allowed me to try and put in a patch I had received for the thumbnailer but
for which I didn't have time or inclination to push it in before going on
holidays. Having to respin the tarball anyway made me submit the patch
to the release team together with some good arguments on why this patch
makes sense. Nice to see that good arguments help make good decisions.

Then I made an RPM to test and got extremely puzzled by the fact that nautilus
crashed as soon as I checked a property page on an audio file. After reading
a bunch of bonobo, then ORBit code, which scared me senseless, I figured
out the right way to run nautilus from gdb (remove nautilus from the session),
and then the problem became readily apparent. It was not finding glade files,
and it was not doing so because I forgot a "make" command in the spec file.
So the actual build was done from %makeinstall, which overrides datadir
and friends, causing the wrong - install-time - location for the UI files
to be put in the binary.

So now I firsthand experienced the difference between running or not running
make before make install.

ssh

With the recent break-in on GNOME servers I wanted to do my part in making sure
I'm doing things correctly. I got told that using passphraseless ssh keys
is worse than doing password-based ssh access, so I started looking into how
it ought to be done instead. Some people asked me to let them know if I
figured out the right set of things to do, so here it is.

Basically, I did the following:

mv .ssh ssh in my homedir

generate a completely new ssh-dsa key, with passphrase

replace the old public key in authorized_keys on all the servers I use
this key on (for this step, ssh -i ssh/id_dsa is useful, since you want to
get on the servers using your old key to install your new pubkey)

It is possible to add a passphrase to your current key, but since that doesn't
really change the public key it doesn't help at all if someone might have
gotten your old private key. So, don't :)

After this, you want to set up your session so that you only get asked for
your passphrase once, and ssh-agent takes care of authenticating when you
move around. If you run Red Hat/Fedora, you can do the following:

run switchdesk, and choose the same type of session you are running.
This will generate .Xclients and .Xclients-default

edit .Xclients and replace each "exec" instance with "exec ssh-agent".
This step makes sure that your session is run under ssh-agent.

edit .Xclients-default and add "ssh-add < /dev/null" BEFORE the
exec gnome-session line. This step makes sure that before your
gnome-session is loaded, a GUI window will pop up to ask you for your
passphrase.

Now log out and back in, fill in your passphrase, and try logging into
a server where you copied your new public key to. It should just let you in.

If I made an important security boo-boo, let me know please.

Nuts

There's this incredibly nut roasting store in Barcelona. If you're ever
around, go over and buy some almonds or hazel nuts. They taste so much
better than the ones you buy anywhere else. I feel an addiction coming up.